var-202209-0771
Vulnerability from variot
The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. Safari , iOS , tvOS A vulnerability exists in multiple Apple products that involves improper restriction of rendered user interface layers or frames.Information may be obtained and information may be tampered with. Description This CVE is under investigation by Red Hat Product Security. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-32
https://security.gentoo.org/
Severity: High Title: WebKitGTK+: Multiple Vulnerabilities Date: May 30, 2023 Bugs: #871732, #879571, #888563, #905346, #905349, #905351 ID: 202305-32
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
Package Vulnerable Unaffected
net-libs/webkit-gtk < 2.40.1 >= 2.40.1
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.40.1"
References
[ 1 ] CVE-2022-32885 https://nvd.nist.gov/vuln/detail/CVE-2022-32885 [ 2 ] CVE-2022-32886 https://nvd.nist.gov/vuln/detail/CVE-2022-32886 [ 3 ] CVE-2022-32888 https://nvd.nist.gov/vuln/detail/CVE-2022-32888 [ 4 ] CVE-2022-32891 https://nvd.nist.gov/vuln/detail/CVE-2022-32891 [ 5 ] CVE-2022-32923 https://nvd.nist.gov/vuln/detail/CVE-2022-32923 [ 6 ] CVE-2022-42799 https://nvd.nist.gov/vuln/detail/CVE-2022-42799 [ 7 ] CVE-2022-42823 https://nvd.nist.gov/vuln/detail/CVE-2022-42823 [ 8 ] CVE-2022-42824 https://nvd.nist.gov/vuln/detail/CVE-2022-42824 [ 9 ] CVE-2022-42826 https://nvd.nist.gov/vuln/detail/CVE-2022-42826 [ 10 ] CVE-2022-42852 https://nvd.nist.gov/vuln/detail/CVE-2022-42852 [ 11 ] CVE-2022-42856 https://nvd.nist.gov/vuln/detail/CVE-2022-42856 [ 12 ] CVE-2022-42863 https://nvd.nist.gov/vuln/detail/CVE-2022-42863 [ 13 ] CVE-2022-42867 https://nvd.nist.gov/vuln/detail/CVE-2022-42867 [ 14 ] CVE-2022-46691 https://nvd.nist.gov/vuln/detail/CVE-2022-46691 [ 15 ] CVE-2022-46692 https://nvd.nist.gov/vuln/detail/CVE-2022-46692 [ 16 ] CVE-2022-46698 https://nvd.nist.gov/vuln/detail/CVE-2022-46698 [ 17 ] CVE-2022-46699 https://nvd.nist.gov/vuln/detail/CVE-2022-46699 [ 18 ] CVE-2022-46700 https://nvd.nist.gov/vuln/detail/CVE-2022-46700 [ 19 ] CVE-2023-23517 https://nvd.nist.gov/vuln/detail/CVE-2023-23517 [ 20 ] CVE-2023-23518 https://nvd.nist.gov/vuln/detail/CVE-2023-23518 [ 21 ] CVE-2023-23529 https://nvd.nist.gov/vuln/detail/CVE-2023-23529 [ 22 ] CVE-2023-25358 https://nvd.nist.gov/vuln/detail/CVE-2023-25358 [ 23 ] CVE-2023-25360 https://nvd.nist.gov/vuln/detail/CVE-2023-25360 [ 24 ] CVE-2023-25361 https://nvd.nist.gov/vuln/detail/CVE-2023-25361 [ 25 ] CVE-2023-25362 https://nvd.nist.gov/vuln/detail/CVE-2023-25362 [ 26 ] CVE-2023-25363 https://nvd.nist.gov/vuln/detail/CVE-2023-25363 [ 27 ] CVE-2023-27932 https://nvd.nist.gov/vuln/detail/CVE-2023-27932 [ 28 ] CVE-2023-27954 https://nvd.nist.gov/vuln/detail/CVE-2023-27954 [ 29 ] CVE-2023-28205 https://nvd.nist.gov/vuln/detail/CVE-2023-28205 [ 30 ] WSA-2022-0009 https://webkitgtk.org/security/WSA-2022-0009.html [ 31 ] WSA-2022-0010 https://webkitgtk.org/security/WSA-2022-0010.html [ 32 ] WSA-2023-0001 https://webkitgtk.org/security/WSA-2023-0001.html [ 33 ] WSA-2023-0002 https://webkitgtk.org/security/WSA-2023-0002.html [ 34 ] WSA-2023-0003 https://webkitgtk.org/security/WSA-2023-0003.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . WebKit Bugzilla: 243236 CVE-2022-32891: @real_as3617 and an anonymous researcher Entry updated October 27, 2022
WebKit Sandboxing Available for: macOS Big Sur and macOS Monterey Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab Entry added October 27, 2022
Safari 16 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-11 tvOS 16
tvOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213487.
Accelerate Framework Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)
GPU Drivers Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32903: an anonymous researcher
ImageIO Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Image Processing Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
Image Processing Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32949: Tingting Yin of Tsinghua University Entry added October 27, 2022
Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab
Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
MediaLibrary Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Notifications Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
Sandbox Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
SQLite Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)
WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 242762 CVE-2022-32891: @real_as3617, an anonymous researcher
Wi-Fi Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32925: Wang Yu of Cyberserval
Additional recognition
AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
Kernel We would like to acknowledge an anonymous researcher for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge an anonymous researcher for their assistance.
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpUACgkQ4RjMIDke NxmVqQ//euIvh3eN5tjkLRIDWFgteGsdR3O6GXKVcZvCiOI7EdmCksA7/3uIo3m2 wAXO/XJB5GDbxwHpyIlaN6eSlQnAhUTeYuDZGTyyUKwRmyj0oYu0IQw9C1xrGefA LDEqYiTwx7sQnuC6ijirFdHSO0uM+YEHCm0OZ4v2dGBJKAdIFN/5b0jq6/Y9NnWL EHSL5BLhOOEBxWoi4K2tbbE+ty8+Zqk0GrUJxaWQ7vCKPD8Ts2sNb7JAAVu5WQDY bmOyWpusZ1evUE/N0nZdqWFTwAXCTfH+4xZ4IXHTUFuHPIXuJ/2ySeqzYjldY75Q vGVCy1b4wtd+C9XD7QGbpd3MHrkECZMI8pWbHkCB53Io1+zdaKiv+xmtSl0ZlFyL 8f/FsR34FMzQPAhlZec60hIKHh83Lr7pOK5KrPNgAECTlxtBYD7Teau+qqTYFQgN pW5/4WtXhVpje5ILu3xzUmqBWk7QPNa7b0PdPLu6OjxE9iMVJF+p8Suk739Ex2H7 81uJp89tTE3UYXvhxaMYP2L0tbrEydlz+wGGI35+jrt4S82FsmvJvV9lqT8NubIG /IakSGMMlYoyb4JcCN3MJCXs2C48iydCPE4g7yaEhg4qNpcXfANdEzRh/KAenSwq bWic5nC6dxWqD4OXjyfjmpkvrq5B2lg87WesDkqMh9oJ9uWBTh8= =Aea8 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202209-0771", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "16.0" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "16.0" }, { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "9.0" }, { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "16.0" }, { "model": "safari", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "watchos", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": "9.0" }, { "model": "ios", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "tvos", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "db": "NVD", "id": "CVE-2022-32891" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-32891" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "168362" }, { "db": "PACKETSTORM", "id": "169602" }, { "db": "PACKETSTORM", "id": "169589" } ], "trust": 0.3 }, "cve": "CVE-2022-32891", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2022-32891", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-32891", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202209-785", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "db": "NVD", "id": "CVE-2022-32891" }, { "db": "CNNVD", "id": "CNNVD-202209-785" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. Safari , iOS , tvOS A vulnerability exists in multiple Apple products that involves improper restriction of rendered user interface layers or frames.Information may be obtained and information may be tampered with. Description\u003c!----\u003e\n This CVE is under investigation by Red Hat Product Security. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202305-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebKitGTK+: Multiple Vulnerabilities\n Date: May 30, 2023\n Bugs: #871732, #879571, #888563, #905346, #905349, #905351\n ID: 202305-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n=========\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from hybrid\nHTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n------------------- ------------ ------------\nnet-libs/webkit-gtk \u003c 2.40.1 \u003e= 2.40.1\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.40.1\"\n\nReferences\n=========\n[ 1 ] CVE-2022-32885\n https://nvd.nist.gov/vuln/detail/CVE-2022-32885\n[ 2 ] CVE-2022-32886\n https://nvd.nist.gov/vuln/detail/CVE-2022-32886\n[ 3 ] CVE-2022-32888\n https://nvd.nist.gov/vuln/detail/CVE-2022-32888\n[ 4 ] CVE-2022-32891\n https://nvd.nist.gov/vuln/detail/CVE-2022-32891\n[ 5 ] CVE-2022-32923\n https://nvd.nist.gov/vuln/detail/CVE-2022-32923\n[ 6 ] CVE-2022-42799\n https://nvd.nist.gov/vuln/detail/CVE-2022-42799\n[ 7 ] CVE-2022-42823\n https://nvd.nist.gov/vuln/detail/CVE-2022-42823\n[ 8 ] CVE-2022-42824\n https://nvd.nist.gov/vuln/detail/CVE-2022-42824\n[ 9 ] CVE-2022-42826\n https://nvd.nist.gov/vuln/detail/CVE-2022-42826\n[ 10 ] CVE-2022-42852\n https://nvd.nist.gov/vuln/detail/CVE-2022-42852\n[ 11 ] CVE-2022-42856\n https://nvd.nist.gov/vuln/detail/CVE-2022-42856\n[ 12 ] CVE-2022-42863\n https://nvd.nist.gov/vuln/detail/CVE-2022-42863\n[ 13 ] CVE-2022-42867\n https://nvd.nist.gov/vuln/detail/CVE-2022-42867\n[ 14 ] CVE-2022-46691\n https://nvd.nist.gov/vuln/detail/CVE-2022-46691\n[ 15 ] CVE-2022-46692\n https://nvd.nist.gov/vuln/detail/CVE-2022-46692\n[ 16 ] CVE-2022-46698\n https://nvd.nist.gov/vuln/detail/CVE-2022-46698\n[ 17 ] CVE-2022-46699\n https://nvd.nist.gov/vuln/detail/CVE-2022-46699\n[ 18 ] CVE-2022-46700\n https://nvd.nist.gov/vuln/detail/CVE-2022-46700\n[ 19 ] CVE-2023-23517\n https://nvd.nist.gov/vuln/detail/CVE-2023-23517\n[ 20 ] CVE-2023-23518\n https://nvd.nist.gov/vuln/detail/CVE-2023-23518\n[ 21 ] CVE-2023-23529\n https://nvd.nist.gov/vuln/detail/CVE-2023-23529\n[ 22 ] CVE-2023-25358\n https://nvd.nist.gov/vuln/detail/CVE-2023-25358\n[ 23 ] CVE-2023-25360\n https://nvd.nist.gov/vuln/detail/CVE-2023-25360\n[ 24 ] CVE-2023-25361\n https://nvd.nist.gov/vuln/detail/CVE-2023-25361\n[ 25 ] CVE-2023-25362\n https://nvd.nist.gov/vuln/detail/CVE-2023-25362\n[ 26 ] CVE-2023-25363\n https://nvd.nist.gov/vuln/detail/CVE-2023-25363\n[ 27 ] CVE-2023-27932\n https://nvd.nist.gov/vuln/detail/CVE-2023-27932\n[ 28 ] CVE-2023-27954\n https://nvd.nist.gov/vuln/detail/CVE-2023-27954\n[ 29 ] CVE-2023-28205\n https://nvd.nist.gov/vuln/detail/CVE-2023-28205\n[ 30 ] WSA-2022-0009\n https://webkitgtk.org/security/WSA-2022-0009.html\n[ 31 ] WSA-2022-0010\n https://webkitgtk.org/security/WSA-2022-0010.html\n[ 32 ] WSA-2023-0001\n https://webkitgtk.org/security/WSA-2023-0001.html\n[ 33 ] WSA-2023-0002\n https://webkitgtk.org/security/WSA-2023-0002.html\n[ 34 ] WSA-2023-0003\n https://webkitgtk.org/security/WSA-2023-0003.html\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202305-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nWebKit Bugzilla: 243236\nCVE-2022-32891: @real_as3617 and an anonymous researcher\nEntry updated October 27, 2022\n\nWebKit Sandboxing\nAvailable for: macOS Big Sur and macOS Monterey\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\nEntry added October 27, 2022\n\nSafari 16 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-11 tvOS 16\n\ntvOS 16 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213487. \n\nAccelerate Framework\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nAppleAVD\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio\nZekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research\ns.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)\n\nGPU Drivers\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32903: an anonymous researcher\n\nImageIO\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nImage Processing\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImage Processing\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD \nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: This issue was addressed with improved checks. \nCVE-2022-32949: Tingting Yin of Tsinghua University\nEntry added October 27, 2022\n\nKernel\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nMediaLibrary\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nNotifications\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nSandbox\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSQLite\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer(@p1umer), afang(@afang5472),\nxmzyshypnc(@xmzyshypnc1)\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 242762\nCVE-2022-32891: @real_as3617, an anonymous researcher\n\nWi-Fi\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple\nTV HD\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32925: Wang Yu of Cyberserval\n\nAdditional recognition\n\nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nKernel\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting \"Settings -\u003e\nSystem -\u003e Software Update -\u003e Update Software.\" To check the current\nversion of software, select \"Settings -\u003e General -\u003e About.\"\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpUACgkQ4RjMIDke\nNxmVqQ//euIvh3eN5tjkLRIDWFgteGsdR3O6GXKVcZvCiOI7EdmCksA7/3uIo3m2\nwAXO/XJB5GDbxwHpyIlaN6eSlQnAhUTeYuDZGTyyUKwRmyj0oYu0IQw9C1xrGefA\nLDEqYiTwx7sQnuC6ijirFdHSO0uM+YEHCm0OZ4v2dGBJKAdIFN/5b0jq6/Y9NnWL\nEHSL5BLhOOEBxWoi4K2tbbE+ty8+Zqk0GrUJxaWQ7vCKPD8Ts2sNb7JAAVu5WQDY\nbmOyWpusZ1evUE/N0nZdqWFTwAXCTfH+4xZ4IXHTUFuHPIXuJ/2ySeqzYjldY75Q\nvGVCy1b4wtd+C9XD7QGbpd3MHrkECZMI8pWbHkCB53Io1+zdaKiv+xmtSl0ZlFyL\n8f/FsR34FMzQPAhlZec60hIKHh83Lr7pOK5KrPNgAECTlxtBYD7Teau+qqTYFQgN\npW5/4WtXhVpje5ILu3xzUmqBWk7QPNa7b0PdPLu6OjxE9iMVJF+p8Suk739Ex2H7\n81uJp89tTE3UYXvhxaMYP2L0tbrEydlz+wGGI35+jrt4S82FsmvJvV9lqT8NubIG\n/IakSGMMlYoyb4JcCN3MJCXs2C48iydCPE4g7yaEhg4qNpcXfANdEzRh/KAenSwq\nbWic5nC6dxWqD4OXjyfjmpkvrq5B2lg87WesDkqMh9oJ9uWBTh8=\n=Aea8\n-----END PGP SIGNATURE-----\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2022-32891" }, { "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "db": "VULHUB", "id": "VHN-424980" }, { "db": "VULMON", "id": "CVE-2022-32891" }, { "db": "PACKETSTORM", "id": "168362" }, { "db": "PACKETSTORM", "id": "172625" }, { "db": "PACKETSTORM", "id": "169602" }, { "db": "PACKETSTORM", "id": "169589" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-32891", "trust": 3.8 }, { "db": "PACKETSTORM", "id": "168362", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "169602", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-020308", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.5462", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5473", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202209-785", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "169589", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-424980", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-32891", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "172625", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-424980" }, { "db": "VULMON", "id": "CVE-2022-32891" }, { "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "db": "PACKETSTORM", "id": "168362" }, { "db": "PACKETSTORM", "id": "172625" }, { "db": "PACKETSTORM", "id": "169602" }, { "db": "PACKETSTORM", "id": "169589" }, { "db": "NVD", "id": "CVE-2022-32891" }, { "db": "CNNVD", "id": "CNNVD-202209-785" } ] }, "id": "VAR-202209-0771", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-424980" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:35:02.923000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT213486 Apple\u00a0 Security update", "trust": 0.8, "url": "https://support.apple.com/en-us/ht213442" }, { "title": "Apple macOS Safari Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209108" }, { "title": "Red Hat: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-32891" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-32891" }, { "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "db": "CNNVD", "id": "CNNVD-202209-785" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1021", "trust": 1.0 }, { "problemtype": "Improper restrictions on rendered user interface layers or frames (CWE-1021) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "db": "NVD", "id": "CVE-2022-32891" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://security.gentoo.org/glsa/202305-32" }, { "trust": 2.3, "url": "https://support.apple.com/en-us/ht213442" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht213446" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht213486" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht213487" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32891" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-32891/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5462" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5473" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-three-vulnerabilities-39368" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168362/apple-security-advisory-2022-09-12-5.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169602/apple-security-advisory-2022-10-27-14.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32886" }, { "trust": 0.3, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32912" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht201222." }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32868" }, { "trust": 0.2, "url": "https://support.apple.com/ht213442." }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32888" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-32891" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-46698" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23529" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2022-0010.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42867" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42852" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2023-0001.html" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-46692" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42799" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2023-0002.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23517" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2022-0009.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42824" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-46691" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42826" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2023-0003.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32885" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27932" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42823" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-46700" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27954" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-46699" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32923" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25360" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42856" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690" }, { "trust": 0.1, "url": "https://support.apple.com/ht213487." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32879" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32908" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32911" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881" } ], "sources": [ { "db": "VULHUB", "id": "VHN-424980" }, { "db": "VULMON", "id": "CVE-2022-32891" }, { "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "db": "PACKETSTORM", "id": "168362" }, { "db": "PACKETSTORM", "id": "172625" }, { "db": "PACKETSTORM", "id": "169602" }, { "db": "PACKETSTORM", "id": "169589" }, { "db": "NVD", "id": "CVE-2022-32891" }, { "db": "CNNVD", "id": "CNNVD-202209-785" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-424980" }, { "db": "VULMON", "id": "CVE-2022-32891" }, { "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "db": "PACKETSTORM", "id": "168362" }, { "db": "PACKETSTORM", "id": "172625" }, { "db": "PACKETSTORM", "id": "169602" }, { "db": "PACKETSTORM", "id": "169589" }, { "db": "NVD", "id": "CVE-2022-32891" }, { "db": "CNNVD", "id": "CNNVD-202209-785" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-27T00:00:00", "db": "VULHUB", "id": "VHN-424980" }, { "date": "2023-11-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "date": "2022-09-13T15:45:03", "db": "PACKETSTORM", "id": "168362" }, { "date": "2023-05-30T16:32:33", "db": "PACKETSTORM", "id": "172625" }, { "date": "2022-10-31T15:01:45", "db": "PACKETSTORM", "id": "169602" }, { "date": "2022-10-31T14:51:24", "db": "PACKETSTORM", "id": "169589" }, { "date": "2023-02-27T20:15:12.063000", "db": "NVD", "id": "CVE-2022-32891" }, { "date": "2022-09-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-785" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-03-08T00:00:00", "db": "VULHUB", "id": "VHN-424980" }, { "date": "2023-11-01T07:07:00", "db": "JVNDB", "id": "JVNDB-2022-020308" }, { "date": "2023-05-30T06:15:20.753000", "db": "NVD", "id": "CVE-2022-32891" }, { "date": "2023-05-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202209-785" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-785" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability related to improper restriction of rendered user interface layers or frames in multiple Apple products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-020308" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202209-785" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.